ABSTRACT

In this policy briefing, the technological 
developments of recent years are linked to the erosion of 
individuals' informational privacy under the press of bureaucratic
efficiency and the ever-growing needs of executive agencies for more 
information. It is noted that privacy protection within federal 
agencies may entail costs, and therefore, may be viewed as a 
constraint upon or impediment to the agency's mission. Discussion of 
these considerations points out that the Office of Management and 
Budget (OMB) is not likely to actively enforce privacy constraints
because its purpose is to pursue cost reduction. It also indicates 
that data subjects themselves are largely unaware of potential
privacy threats posed by information and technology practices, and 
that they have not organized into a constituency to focus on the 
issue. It is concluded that the Privacy Act of 1974 has not 
accomplished its mission, and that there is no existing device to 
adequately deal with privacy matters. It is proposed that Congress 
establish an independent agency charged with the responsibility of 
protecting federal information privacy. Related constitutional issues 
are raised, the general contours of an effective privacy protection 
mechanism are explored, and the makeup of data protection agencies in
Canada, Federal Republic of Germany, France, Sweden, and the United 
Kingdom are briefly reviewed. (SD) 
Executive Summary



Technological developments in the "information society" have 
eroded an individual's informational privacy under the press of 
bureaucratic efficiency and the insatiable hunger of federal agencies 
for more information. Early warnings about the encroaching tech- 
nology and concerns over privacy and fair information practices led 
to the enactment of the Privacy Act of 1974. Though the OMB was 
given some limited responsibility in implementation of the Privacy 
Act, no plenary authority exists to monitor federal agency compli- 
ance with the Act or to make rules and regulations to carry out the 
purposes of the Act. 

This paper proposes that Congress establish an independent 
agency charged with the responsibility to protect federal informa- 
tional privacy. 

Informational privacy protection is not an element of federal 
agency objectives. Agencies must accomplish their program mis- 
sions as efficiently as possible. Privacy protection may entail 
administrative costs and may, therefore, be viewed as a constraint
upon or impediment to the agency's mission. These same considera- 
tions are applicable to the Office of Management and Budget which 
is not likely to actively enforce privacy constraints because its 
purpose is to pursue cost reduction and promote mission-accom- 
plishment by the executive agencies. Data subjects themselves are 
largely unaware of the kinds of privacy threats posed by technology 
and information practices, nor are they organized into a constitu- 
ency to focus on the issue. As a result, the Privacy Act has not 
accomplished its mission, and there is no device in place to deal with 
the matter. 

This paper proposes a comprehensive, plenary authority with 
adequate resources for research and study, rulemaking and rule
interpretation, monitoring of agency practices, auditing of information
systems, and adjudication of disputes regarding the collection,
use, maintenance, exchange, or disclosure of personal
information. The structure of the agency should accommodate 
those program elements. 

It is suggested that the board be composed of a chairman and 
four others appointed by the President and confirmed by the Senate; 
that no more than three members be from the same political party; 
that no board member serve as an officer, employee, or advisor of 
any other entity in the federal government or private sector; that 
board members be appointed for five years (except initially where 
staggered terms are established); and that no member may serve 
consecutive terms on the board. The chairman would be the chief 
executive officer of the board and would head its administrative 
office. 

Each of the four other board members should head one of the 
following operational offices: administrative law judges, research 
and evaluation, auditing and enforcement, and general counsel. 
The board should issue rules and regulations and have power to 
conduct public hearings and to issue administrative subpoenas. Ad- 
ministrative law procedures should conform to the Administrative 
Practices Act. Decisions of the administrative law judges should be 
appealable to the federal district courts. 

For purposes of comparison, the paper briefly reviews the 
makeup of data protection agencies in some other countries. 
INTRODUCTION



There is in the United States today no effective mechanism for 
the development, coordination, or oversight of a comprehensive 
federal policy regarding personal privacy with respect to federal
data banks. Faced with the realities of the contemporary "informa- 
tion society" and the computer revolution in information manage- 
ment processing, the individual's informational privacy is being 
rapidly eroded, sacrificed on behalf of bureaucratic efficiency and 
the endless hunger of federal agencies to develop and share larger 
and more refined data bases. 

There have been plenty of early warnings concerning the jeop- 
ardy to privacy resulting from the new technology. In 1971, Arthur 
Miller sounded the alarm in The Assault on Privacy. 1 A. Westin and
M. Baker, in 1972, clearly focused on the growing problem in their 
book, Data Banks in a Free Society. 2 A special task force of the U.S. De- 
partment of Health, Education, and Welfare, made the first in-depth 
government study of the problem and in 1973 issued its report, 
Computers, Records, and the Rights of Citizens, in which "principles of 
fair information practices" were first articulated; 3 they were also 
reflected in the Privacy Act of 1974. 4 In 1976, the Department of 
Justice issued guidelines regarding the security and privacy of 
criminal history records maintained in government data bases. 5 

In 1977, after a comprehensive three-year study, the Privacy
Protection Study Commission issued its report, Personal Privacy in an 
Information Society. 6 The Commission made more than 160 recom- 
mendations for the protection of informational privacy, most of 
which have not been implemented because the Commission ceased 
to exist when its mission was completed and no other entity had
responsibility to follow up its work. In 1981, the American Bar
Association sponsored a National Symposium on Personal Privacy 
and Information Technology. The published report from the panel 
of distinguished participants 7 emphasized the privacy threats and 
urged protective measures. A multitude of publications too numerous
to catalogue here have echoed and re-echoed the previous warnings.
Lisa Albinger, in the 1986 Annual Survey of American Law,
succinctly summarized the nature of the problem:

The right to privacy is integral to the American conception
of the proper balance of power between the
people and their government. As long as a citizen 
abides by the laws, his personal affairs should remain 
free from excessive governmental scrutiny. In recent 
years, however, this balance has shifted. Federal 
agencies today maintain vast amounts of computerized,
easily accessible information on nearly every
aspect of our lives. Unregulated access to this 
information threatens individual privacy 
interests.... 8 

Personal privacy will continue to erode unless a positive and 
powerful program is put in place to preserve this precious human 
value. Accordingly, it is here proposed that Congress establish an
independent agency charged with the responsibility to define and 
enforce a policy regarding federal informational privacy. It is not the 
purpose of this paper to prescribe that policy or to strike the balance 
of competing interests regarding access to personal information in 
government files. That is precisely the complex and continuing 
responsibility of the agency to be described herein. The paper will, 
however, suggest some approaches to that task. Additionally, another
paper in this series (see A Federal Right of Information Privacy, by
Jerry Berman and Janlori Goldman) addresses revisions of the 
Privacy Act necessary to clarify and strengthen the federal policies 
for privacy protection. An improved Privacy Act that sets out 
federal policies could be administered by the agency outlined in this 
paper. 

The paper is organized as follows: after a few definitions to 
clarify the author's perspective and terminology, there is a brief de- 
scription of how the new computer technology has altered informa- 
tion management in a way that threatens to destroy informational 
privacy. Next there is a discussion of why the measures pursued 
thus far have been inadequate to deal with incursions on informational
privacy. Several examples are offered to illustrate the piecemeal,
conflicting, and incomplete steps that have been taken by the
federal government to protect informational privacy, describing the 
fragmentation of responsibility for information policy among a 
variety of federal executive and legislative entities. Further, the 
judiciary is hampered in making sound case-by-case determina- 
tions because there is no adequate framework of federal policy for 
delineating "privacy." After a discussion of constitutional con- 
straints arising from the separation of governmental powers, the 
paper sets forth the general contours of an independent privacy pro- 
tection board to oversee federal data banks. The paper then identi- 
fies the program elements needed to adequately accomplish the 
tasks of refining and monitoring a federal informational privacy 
policy, as well as dealing with the resolution of disputes among 
agencies or between agencies and data subjects. Finally, there is a 
brief comparative description of some data protection commissions
in other countries. 

A NOTE ON THE PAPER'S FEDERAL SCOPE 

The subject of this paper is a mechanism to implement policy 
regarding privacy protection in federal information systems. It 
should be clearly understood, however, that in this time of techno- 
logical advances that encourage information exchanges, it is not 
sufficient to address merely the federal role in information process- 
ing. The federal government receives great quantities of personal 
information from state and local government and from the private 
sector. The Privacy Act, the principal statute regarding the subject 
of this paper, does not address the acquisition of information by 
federal agencies; it is primarily concerned with what the agencies do 
with personal information once they have it. Thus, individual 
privacy may be compromised by the disclosure of information by 
the private sector to federal agencies, as well as by the exchange of 
information among state agencies and the private sector — none of 
which is within the purview of the Privacy Act. 
State governments and the private sector hold the vast bulk of
personal information concerning the residents of this country. Infor- 
mational privacy protection will be woefully inadequate if the states 
and private sector are not encouraged or required to observe essen- 
tially the same protocols deemed applicable to the federal govern- 
ment. 

When the Privacy Act of 1974 was under consideration, the Ad- 
ministration opposed bringing state government or the private 
sector within the Act, or establishing a single agency with plenary 
oversight of informational privacy. The reasons were that (1) infor- 
mation management practices, especially with respect to privacy 
interests, were extremely poor and it was thought to be a better idea 
to get the federal house in order before establishing guidelines for 
private sector information management, and (2) at that early stage 
it seemed unwise to establish an "information tsar" since experience 
with privacy protection was lacking. 

The troublesome question of "Who watches the watchers?" dis- 
couraged the centralization of information power. Though Privacy 
Act sponsors in Congress favored some private sector regulation 
and an oversight agency, as a compromise the Privacy Protection 
Study Commission was established for a two-year period to study, 
among other things, the matter of private sector information proto- 
cols. Also, some limited oversight authority for Privacy Act implem- 
entation was given to OMB. However, OMB was not intended to 
have a pervasive role in setting, monitoring, or enforcing informa- 
tional privacy protection by the executive agencies that gather and 
use personal information. 

Almost 15 years have elapsed since the Privacy Act was passed.
The recommendations of the Privacy Protection Study Commission 
have been largely unheeded by the private sector; as pressure by the 
federal government for privacy regulation has abated, so has the 
interest of the private sector in pursuing the protection of informa- 
tional privacy. Segments of the insurance industry, for instance, 
implemented privacy protection policies soon after the issuance of 
the Commission report; there is no evidence that other personal 
information-oriented industries of the private sector have voluntarily
done likewise. 9



It may be that good federal practices, established and enforced, 
will themselves be a guide for the voluntary adoption by state gov- 
ernment and the private sector of similar protocols. Certainly, we 
must begin somewhere, and an exemplary federal program may 
provide a model to be emulated. The author has little faith that such 
might occur; experience subsequent to the Privacy Act suggests 
otherwise. Our belief is that a firm national policy will be necessary
for adequate privacy protection to be implemented and respected by 
all record keepers. Though such a program is not the task of this 
paper, the author does not want readers to infer that regulation of 
federal agencies alone is enough simply because that is the focus of 
this paper. 

DEFINITIONS 

At the outset, some definitions will help to clarify terms that 
may be subject to misunderstanding. 

The word "privacy" is much in vogue today, and is used to 
describe a variety of personal interests. 10 There are four separate 
kinds of "privacy" in our common law of torts. These deal with 
intrusions into private places, unpermitted use of someone's name 
for commercial purposes, the false and objectionable portrayal of 
one's lifestyle or personal characteristics, or the general publication 
of private information. None of them addresses directly the prob- 
lems that arise out of the management of personal information in 
government data banks. 11 There are also aspects of personal dignity
that comprise "privacy" as protected by the U.S. Constitution, such 
as procreation or the integrity of the human body; these also are not 
within the scope of concerns here. 12 Instead, we focus on what we 
call "informational privacy," which is the interest in the collection, 
maintenance, use, and dissemination of personal information. 13

Personal information is any information that describes a natural 
person, and thus is defined by the reference of information and not 
by its content. Thus, so long as information refers to an identifiable
individual — whether that reference is made by a person's name, or
a number, or some other identifying characteristic — then it is 
personal information. 

The data subject is the one to whom personal information refers;
a record or file is a collection of personal information, and a data
element is one "piece" of information in a file; the "identifier" is the
data element that connects information with a particular data sub- 
ject. 

The record holder is the entity that maintains the data base or
controls access to it; a data base is simply a collection of stored 
information, whether in manual or automated files, that may be 
systematically accessed. "Access" is to gain entry to or read a file or 
data element, and dissemination means the communication of infor- 
mation to a third party — someone other than the data subject or an 
authorized agent of the record holder. 

Security refers to the technology or procedures that safeguard 
information, protecting it from unauthorized access, alteration, or 
loss. Information is confidential if access to it is limited to specified 
entities or purposes; information is secret if only the record holder
and a chosen few know that the information itself exists. (Criminal 
records are confidential — everyone knows that such files are kept, 
though access to them is controlled. On the other hand, there was 
always popular speculation about whether J. Edgar Hoover had his 
own secret files on political notables.) A public record is open to
anyone. 14 

COMPUTER TECHNOLOGY AND INFORMATION 
MANAGEMENT

Modern technology makes it possible to collect, store, manipulate,
and disseminate information at the speed of light and in
quantity and quality never before imagined. The advent of miniaturization
makes possible the micro or "personal" computer, so
that for a few hundred dollars virtually anyone can own a sophisticated
information processor. Modems allow computer users to
connect their machines with data bases around the world, so that
with appropriate identifiers one has a virtual central data base
composed of information gleaned from distributed data bases in 
automated systems everywhere. The contents of the Library of 
Congress can be stored on a few discs, so that constraints of space 
regarding information storage have been all but eliminated. 

Because it is relatively easy and cheap to collect and store data, 
the limitations of cost that used to be a natural disincentive to the 
collection and storage of information have been markedly reduced. 
In 1981, based on data on using IBM mainframe systems, the United
States Congress Office of Technology Assessment found that the
cost of performing 100,000 calculations on a computer system had
dropped from $1.26 in 1952, to $0.0025 in 1980. 15 Though there has
been no occasion for a more recent cost analysis, it is common 
knowledge that since 1980 the cost of computer systems has contin- 
ued to drop in relation to the enormous increases in data processing 
capability. 16 

The three billion files of personal information maintained by 
the federal government 17 were but a small privacy threat when that 
information was manually stored and buried somewhere in stacks 
of paper archives. Today, as that information is converted to auto- 
mated files, 18 it is instantly available. What had been a theoretical 
threat to informational privacy has become a real one. 19 The various 
automated data bases maintained by federal agencies can be linked 
together electronically so that, as the Office of Technology Assess- 
ment concluded in a recent report, in reality a virtually centralized 
data base on United States citizens is now available. 20 To make 
matters worse, the Tax Reform Act of 1986 authorized the use of the 
Social Security number (SSN) for a wider range of personal files, and 
requires everyone over the age of five to have a SSN. 21 Though 
directed at improving the efficiency and effectiveness of the 
government's tax programs, the law served to make the SSN an 
even more convenient and pervasive tool for locating, retrieving, 
and linking personal information in government files. 
Indeed, Congress recognized the inadequacies of the Privacy
Act with respect to regulating the linking and cross-matching of 
federal computer files by enacting the Computer Matching and 
Privacy Protection Act of 1988. 22 The Act requires the development
of policies to avoid the kinds of privacy invasions as have been dis- 
cussed above, though that Act itself could be more effective were it 
to be administered by such an agency as described later in this paper. 

FRAGMENTED FEDERAL PROTECTION 

The "Watergate era" focused public attention on the illegitimate
use of personal information that had been collected in federal
files for legitimate purposes. 23 That attention led to the passage of 
the Privacy Act of 1974, which was designed to give the data subject 
a measure of control over personal information in federal files. 24 The 
principal provisions of the Privacy Act are designed to give notice to 
the public of federal information systems that store personal data, 
give a data subject the right to review and challenge the accuracy of 
files about him or her, and restrict the exchange or disclosure of 
personal information. As is discussed later, the Act has fallen short 
of expectations, but more importantly, it is not enforced by any 
agency with the power or responsibility to protect informational 
privacy. 

Prior to the Privacy Act, only the Freedom of Information Act, 25 
enacted in 1966, gave the individual any significant rights regarding 
information in federal files, and that was for the purpose of provid- 
ing access to information about government. 

The presumption of the Privacy Act is that personal information
is confidential and thus closed to third parties, with specific exceptions.
The Freedom of Information Act, on the other hand, begins
with the presumption that government records are open to the 
public, except for specified reasons. 26 Thus, when personal informa- 
tion is in a federal record, the basic differences between the Privacy 
Act and Freedom of Information Act create conflicts regarding 
informational privacy protection. 27 Resolution of such conflicts is 
difficult if not impossible because the Department of Justice has 
oversight over the FOIA while OMB is responsible, to a limited 
extent, for the Privacy Act; there is little evidence of coordination
between OMB and DOJ regarding the intersection of these two Acts 
in the privacy dimension. 

The decisions pursuant either to Privacy Act or FOIA requests 
rest initially with the various federal agencies to which inquiries are 
addressed. The factors on which decisions are based as to the 
privacy interest of the data subject and the public "need to know" 
vary widely depending upon the nature of the information sought 
and the purpose for which the government maintains it. A multi- 
plicity of agencies have developed a multiplicity of standards that 
have been applied in striking the balance between confidentiality 
and disclosure. In such circumstances, coordination through over- 
sight is crucial for a consistent, even-handed policy. 

While Congress did not establish an agency to coordinate 
implementation of the Privacy Act, it gave some limited responsibility
to OMB, mainly to develop some general guidelines for the
agencies and to report periodically to Congress on agency activity 
pursuant to the Act. There has been ample criticism of the inadequa- 
cies of privacy protection through OMB oversight. For instance, 
from an OTA report: 

All of the studies evaluating the implementation and 
effectiveness of the Privacy Act cite its major weak- 
nesses to be its reliance on individual initiative; the ambigu- 
ity of some of the act's requirements; the casual manner in 
which OMB has implemented and enforced the act; and 
OMB guidelines issued subsequent to the act that seem to 
contradict the purpose of the act. 28 

And, from a report of the General Accounting Office: 

The pervasiveness of such shortcomings leads us to 
conclude that Privacy Act operations need a cohesive, 
articulated program aimed at assuring that such 
activities are conducted in full compliance with OMB 
guidance and the act's provisions. In our opinion, without 
more active involvement and monitoring by both OMB and
agencies, there will be less than full assurance that
Privacy Act functions are carried out in a manner that
protects the privacy rights of individuals and balances
these rights with the information needs of federal
agencies. 29 

It should not be a surprise that informational privacy is not vig- 
orously pursued by OMB or other federal agencies. The reason is 
simple: the protection of individual privacy is not a rational element 
of federal agency objectives. The agencies are supposed to accom- 
plish their own program missions (which do not include privacy 
protection) as efficiently as possible, so their natural tendency will 
be to use the information in their records in ways that suit their 
purposes, and the privacy interests of the data subject will probably 
be irrelevant. 

Further, the protection of informational privacy may be antithetical
to an agency's budget concerns, because the protection of
privacy will entail administrative costs in technology and proce- 
dures to assure that the confidentiality of information is real and 
effective. Thus, privacy protection can be viewed as a constraint 
upon or impediment to agency mission accomplishment and infor- 
mation processing cost-containment. 

These same considerations of the executive department operat- 
ing agencies apply also to OMB. The "fox in the chicken coop" is 
certainly not likely to actively enforce privacy constraints upon its 
sister agencies because the OMB pursues cost reduction and promotes
effective mission-accomplishment by executive agencies. It
is, therefore, understandable that OMB has been roundly criticized 
for ineffective privacy protection policy, as has been previously 
cited. A parallel observation has been made about the DOJ role in 
FOIA oversight: 

[T]he Department of Justice is frequently a participant in 
FOIA disputes. In some attenuated sense, they are a 
participant in every FOIA dispute. Even if it is not a 
Department of Justice element involved, then the 
Department of Justice has probably promulgated policies 
that have bearing on how the agency has handled that 
problem or rendered advice or may be in a position of
being about to litigate the case. That makes the 
Department of Justice an interested party, and I think if 
you put an ombudsman next door to an interested party 
as part of the same organizational structures, you don't 
get an independent, the kind of independent authority 
that you need to play an ombudsman role effectively. 30 

Accordingly, suggestions merely to strengthen the OMB role 
will miss the mark. The result would be to make OMB more effective 
in pursuing administrative policy at the expense of informational 
privacy. 

Another reason for the lack of privacy protection is that data 
subjects themselves are largely unaware of the kinds of privacy 
threats posed by technology and information practices, and they are 
not organized into a constituency to focus on this issue or to bring 
pressure on the government. Information is not an end in itself; 
rather, it is the means to other ends — it is the grist for decision- 
making. As might be expected, people ordinarily focus on the 
decision to be made, and not on the practices by which information
for the decision has been secured. With the exception of a few public 
interest groups such as the American Bar Association or American 
Civil Liberties Union, no major constituency is pressing for in- 
creased informational privacy. This specific point, incidentally, was 
noted in the ABA Symposium report mentioned earlier: "The
individual's informational privacy is relatively unprotected and 
will remain so unless an effective constituency is developed. ...Some 
long-term mechanisms...must be established to...develop informational
privacy policy." 31 To put it another way, no one is watching
the watchers! 

It seems clear, then, that privacy has suffered, and will continue 
to do so until an independent federal agency is established that is 
concerned with informational privacy as its principal mission. Such
a suggestion is not a novel idea; there have been other similar 
suggestions proposed in the recent past. 32 Without seeking to 
belabor the point, we cite Lisa Albinger once more: 
A possible administrative solution to the problem of
protecting privacy would be the creation of an independent
public agency to oversee the government's collection and
use of information. The original Senate version of the Pri- 
vacy Act proposed the establishment of a permanent Pri- 
vacy Protection Board. However, the final compromise leg- 
islation instead created the Privacy Protection Study Com- 
mission, whose term has since expired. 

Attacking the problem of data accumulation by creating 
yet another agency with voluminous records may seem 
paradoxical. However, it would be far easier for the 
public to address problems to one independent agency 
than to locate the department within a given agency 
that deals with privacy concerns. At present the burden 
of regulating information flow is on the public and the 
agencies. The agencies have an inherent conflict of 
interest; they need more information to perform their 
duties effectively and will inevitably seek to justify 
additional information collecting on efficiency grounds. 
Individual citizens simply do not have the resources to 
police government agencies. A "watch-dog" agency to 
oversee privacy concerns would be in a better 
position to strike the necessary balance between the 
government's need for information and the citizen's need 
for privacy. 33 

CONSTITUTIONALITY OF AN INDEPENDENT AGENCY 

Congress has established literally dozens of independent agen- 
cies, and the constitutional legality of such a device is beyond 
question. It may be useful, nevertheless, to describe briefly the 
necessary constitutional ingredients that will be reflected in the 
proposal that follows. 



Generally, Congress may delegate regulatory powers to ad- 
ministrative agencies so long as Congress provides a program 
outline— "intelligible principle." In Wayman v. Southard, 23 U.S. (10
Wheat.) 1 (1825), Chief Justice Marshall writing for the Court,
acknowledged that Congress could not properly supervise all the
day-to-day details of national government. The Court held that Congress
may delegate powers to agencies so long as Congress established 
"the general outline of the regulatory program" and allowed the 
agency to fill in the details. The Privacy Act, as amended, provides 
the necessary regulatory program outline. That Act will need 
amending in contemplation of the new administrative agency, a 
need that can be addressed in the authorizing legislation. 

So long as certain conditions are satisfied, Congress may, 
pursuant to Article I, vest administrative agencies with powers to 
decide certain cases and controversies. These administrative courts 
have been held constitutional because the legislature created them 
to make factual and legal determinations concerning "public rights." 
Subsequently, these tribunals have been upheld even where private 
rights are adjudicated, so long as the parties have a right to appeal 
to an Article III court. The proposal hereafter is consistent with these 
principles. 

GENERAL CONTOURS OF AN EFFECTIVE PRIVACY 
PROTECTION MECHANISM 

For there to be a truly effective agency for informational privacy 
protection, it must have comprehensive, plenary authority and 
adequate resources for research and evaluation, rulemaking and 
rule interpretation, monitoring agency practices and auditing infor- 
mation systems, enforcement of privacy policy, and adjudication of 
disputes regarding the collection, use, maintenance, exchange, or 
disclosure of personal information. It is beyond the scope of this 
paper to present a detailed draft of authorizing legislation. It is 
enough to describe the programs and functional authority of such an 
agency. Hereafter, the mechanism to be proposed will be referred to 
simply as "the Board." 

Congress has acknowledged a need for better privacy oversight 
through passage of the Computer Matching Act of 1988, mentioned 
above. That legislation would authorize data protection boards 
within executive agencies that operate computer file matches. Such 
boards, however, would suffer still from inherent conflicts of inter- 
est and the need for coordination and uniformity that can only be 
met by a single oversight authority. 

Given the variety of independent agencies now in existence, 
there are many models for configuring such an agency. The particu- 
lars of structure depend upon the nature of the program elements 
appropriate to the Board's objectives and functions. 



PROGRAM ELEMENTS 
Research and Evaluation 

In light of the dizzying speed of new information and commu- 
nications technology development and the continuing demands for 
access to personal information, it is imperative that the Board keep 
abreast of these matters and consider their impact on government, 
society, and individuals. Because new technology affects the collec- 
tion, storage, and retrieval of information, the Board should remain 
current regarding information processing techniques. Consultation 
with the various agencies, and with information users and public 
interest groups can help the Board to anticipate the privacy concerns 
attendant upon requests for the collection of new information or 
new uses for available information. The regulations issued by an in- 
formed Board can ameliorate negative impact on informational 
privacy while not impeding the reasonable development or applica- 
tion of new technology or procedures. Periodic studies of the impact 
of personal information disclosures and exchange by federal agen- 
cies and surveys of public attitudes regarding governmental sensi- 
tivity to informational privacy can help the Board assess the value 
and tenor of federal information practices. 

Rulemaking and Policy Interpretation 



The general framework for the government's information pol- 
icy and privacy protection will be prescribed by the Congress in the 
Privacy Act and elsewhere, but the Board's rulemaking and inter- 
pretation for the implementation of that policy will be chief among 
its functions. The Board must be empowered to make rules govern- 
ing the procedures by which agencies will implement the Privacy 
Act, and to determine whether federal information management 
practices satisfy the policy objectives of the Act. No agency should 
collect personal information, nor establish new personal informa- 
tion systems, without Board approval. 

The needs and exigencies pertinent to particular programs and 
information systems require sufficient flexibility in regulation so as 
not to unreasonably encumber the bureaucracy nor discourage 
implementation of cost-effective practices. At the same time, the 
discontinuity and confusion that arises from the establishment of 
variant information policies and practices by a multitude of agencies 
can be avoided by the Board's unitary oversight. Clear and uniform 
policies reduce uncertainty and the need for litigation; lawsuits 
result when individuals are without adequate guidance regarding 
how a disagreement should be resolved. 

Enforcement 

The enforcement of privacy policy will be a critical necessity for 
the successful protection of informational privacy. The Board must 
be empowered to issue advisory opinions to agencies for the pur- 
pose of suggesting procedures or practices that satisfy privacy re- 
quirements. The Board must also be authorized to issue specific 
orders directing agency compliance with privacy policy or requiring 
that certain practices be altered or terminated. Agencies should 
comply with Board directives promptly or within such time as the 
Board may allow; failure by an agency to comply with Board rules 
or orders should be reported by the Board to the President and to the 
appropriate oversight committees of the House and Senate. 

Monitoring and Auditing 



Responsible oversight requires the ongoing monitoring of 
agency compliance with the policies established by the Congress. It 
is not sufficient for the Board merely to await questions from 
agencies or complaints from citizens; instead, it should routinely 
inspect for sufficiency the systems used and procedures promul- 
gated by the agencies pursuant to Board rules and guidelines, and 
should disapprove and require correction of those systems or prac- 
tices deemed inadequate. The Board should review periodic statis- 
tical reports from the agencies (which they are already supposed to 
provide to OMB pursuant to the current provisions of the Privacy 
Act) to assess agency workloads, timeliness of response, and pat- 
terns of personal information disclosure or exchange. 

This function need not engender unreasonably burdensome 
agency reports or red tape; new information technology can be 
utilized to monitor the flow of personal information transactions. 
Here, especially, it is necessary to avoid perceiving this activity from 
the perspective of paper-based information processing, but instead 
to realize the ease and economy which the technology itself can pro- 
vide. Also, the availability of consultation with the Board and its 
staff can help executive department officials make speedier and 
sounder decisions for information management practices that are 
consistent with a respect for privacy. 

Auditing involves the periodic inspection of system hardware, 
software, and operations, to assure that the integrity, confidential- 
ity, and security of information is maintained. The Board's auditors 
should periodically examine in detail an agency's process for treat- 
ing personal information transactions from beginning to end, sam- 
pling requests from or disclosures to agencies, data subjects, or third 
parties. The security programs for personal information systems 
should be challenged, and internal agency procedures to protect 
information should be tested. As noted earlier, new technology can 
help to accomplish this goal as a by-product of the functioning of the 
information systems themselves. Further, a uniform government- 
wide observance of appropriate system security levels may cut costs 
by eliminating unreasonably expensive measures adopted to avoid 
individual responsibility for the compromise of protected 
information. The Board can advise on how much security is reasonable in 
terms of the sensitivity of particular data bases with respect to 
privacy considerations. 

Adjudication of Disputes 

Another of the Board's critical functions is to expedite the dis- 
position of disputes; cut time, cost, and inconvenience to data 
subjects and executive departments alike; promote fairness and 
uniformity in information management protocols; and alleviate the 
burden on the federal court system resulting from protracted and 
expensive litigation involving the use and disclosure of government 
information. Accordingly, an office of administrative law judges 
should have the responsibility of resolving informational privacy 
disputes. 

The adversary process of our federal judicial system has pur- 
sued a case-by-case resolution of privacy disputes without the 
guidance of a policy framework against which to measure compet- 
ing interests. As a result, decisions are in conflict, and are not 
decided so as to present a consistent fabric of informational privacy 
policy. Administrative courts, tribunals within administrative 
agencies, may be a far superior alternative to the judicial branch: 

Unlike Article III judges, who can perform only adjudica- 
tive functions, agencies and legislative courts can apply 
their expertise not only to adjudication but also to rule- 
making, administration, and reporting to Congress or other 
decisionmakers. Mixing adjudicative with administrative 
and rulemaking functions helps to adapt adjudication to 
the implementation of regulatory policies in a way that 
might not be possible within a scheme of rigidly separated 
powers. 34 

The Board should be empowered to resolve disagreements 
between agencies concerning interagency access to personal infor- 
mation; or disputes involving data subjects, agencies, and third 
parties with respect to the disclosure of personal information in light 
of privacy interests and government information policy. An expe- 
rienced administrative tribunal can simplify the process and pro- 
vide consistency in the application of statutory policy. 

In addition to deciding disputes, the administrative judges 
should be authorized to award damages and assess costs and 
attorney fees, as deemed appropriate. In case of appeal to an Article 
III court, review of administrative determinations is a far less expen- 
sive and complex process than entertaining the matter in the court 
de novo. 

Organizational Structure 

Desirable qualities reflected in the Board's membership and 
structure include these: 

1. It should be nonpartisan because privacy is really a politically 
neutral interest. The Privacy Act, for instance, was cosponsored by 
Senator Edward Kennedy and Congressman Barry Goldwater, Jr., 
often political opposites. 

2. The Board membership should be large enough to encompass a 
suitable scope of professional experience but not so large as to be 
unwieldy in consultation or deliberation. This determination is 
arbitrary within limits; a membership of three is probably too small, 
and nine is too large. 

3. In addition to sitting collectively for rulemaking, or individually 
or in panels for hearings, the board members should be in active 
management of the Board's operating divisions. Day-to-day 
involvement in the processes of federal information management 
should enhance the members' experiential basis for policy analysis 
and guidance, and promote their intimate knowledge and control of 
Board functions and activities. Such a structure diminishes the 
likelihood that the members will be insulated from contact with 
agencies and users by a tier of top-level bureaucrats. 

4. Tenure of members should be staggered and of sufficient duration 
to provide continuity, but not so lengthy as to inhibit the infusion of 
fresh perspectives sensitive to new information technology and 
environment. This, too, is a rather arbitrary determination, though 
three years is too short a term and seven years is probably too long. 

With these characteristics in mind, as well as the program 
elements and legal constraints previously discussed, here is a gen- 
eral prescription: 

The Board should consist of a chairman and four other mem- 
bers appointed by the President and confirmed by the Senate, who 
should serve full-time. Not more than three members should be of 
the same political party, and none should serve contemporaneously 
as an officer, employee, or advisor of any other entity of federal 
government or the private sector. Members should be appointed for 
a term of five years, except that for initial appointments the Chair- 
man and one member should be appointed for five years, and one 
member each for terms of two, three, and four years; no member 
should serve consecutive terms on the Board. 

The Board, by majority vote, shall issue rules, regulations, 
advisory opinions, and directives, pursuant to the policies estab- 
lished in the authorizing legislation. The Board shall have power to 
authorize public hearings and to issue administrative subpoenas. 
The Board shall report annually to the President and to the Congress 
summarizing its findings and actions, and shall report promptly to 
the President and Congress regarding the failure of any agency to 
substantially comply with Board directives. 

The Chairman will serve as chief executive officer and head the 
Board's administrative office. A member of the Board should head 
each of the following operational offices: administrative law judges, 
research and evaluation, auditing and enforcement, and general 
counsel. 

The Board's administrative law procedures shall conform to the 
Administrative Practices Act, and decisions of the Board's adminis- 
trative law judges shall be appealable to the Federal District 
Court for the District of Columbia, or to other appropriate district 
court jurisdictions. 



SOME FOREIGN MODELS 

Several nations have enacted data protection laws which 
establish commissioners and registrars to oversee the implementation of 
privacy protection in government personal information systems. 
These nations include Canada, Federal Republic of Germany, France, 
Sweden, and the United Kingdom. It is interesting to note that 
though the United States was the first developed nation to entertain 
notions of informational privacy, other countries have moved ahead 
with more effective measures for data protection than have we. For 
purposes of comparison regarding the range of options adopted by 
others and those suggested in this paper, here follows a brief 
description of some foreign models. 

The Swedish Data Act of 1973 created a Data Inspection Board 
to regulate all automated personal information systems in both the 
public and private sector. The Board exercises great power by 
inspecting and licensing systems; investigating complaints; and 
regulating, through its rule-making powers, the collection, use, and 
disclosure of information. The Swedish Act guarantees an 
individual the right to access and challenge information about himself 
pursuant to the Board's rules. 

The Federal Republic of Germany's Data Protection Act 35 also 
requires registration of both public and private sector automated 
information systems. The regulatory schema, however, for private 
and government entities differ. Private sector information systems 
are regulated by state authorities. A Federal Commissioner of Data 
Protection, appointed for a five year term, oversees agency compli- 
ance with the Data Protection Act. The Commissioner investigates 
complaints, audits information systems, and recommends action. 
Though the Commissioner does not have any enforcement powers, 
he reports and makes recommendations to the Minister of the 
Interior and Parliament. 

Canada's Privacy Act regulates information kept by certain 
governmental institutions listed on a Schedule attached to the act 
and periodically revised. The Act establishes a Privacy Commis- 
sioner appointed for a seven year term and accountable to Parlia- 
ment. The Privacy Commissioner hears complaints from individu- 
als regarding disclosure of personal information and denied re- 
quests to correct or annotate information kept in a file. The Commis- 
sioner also has broad investigatory powers to audit government 
compliance with the Privacy Act, and to compel testimony and 
production of evidence. The Commissioner makes recommenda- 
tions in annual reports to Parliament, and may chastise government 
institutions that are failing to comply with the Act. 

CONCLUSION 

As a nation that prides itself on its respect for human dignity 
and individual rights, and that has been in the vanguard of recog- 
nizing informational privacy as an aspect of those values, it is ironic 
that we have fallen behind in adequately protecting that interest. 
The longer we wait, the more difficult it becomes to "retrofit" infor- 
mation technology so that protocols can provide appropriate protec- 
tion. Rather than muse over whether we can protect privacy in this 
information society, we should set upon that task at the earliest 
possible time. The next important step is to establish a regulatory 
mechanism with the authority and resources to do the job. That, 
simply, is the proposal put forth. 